Digital health apps and telemedicine in Romania

1.1 Is it considered a “medical device” or a “product” to which liability can attach, and if so, under what regulations?

Software within digital health apps can be considered a medical device provided that it falls under the Regulation (EU) 2017/745 of the European Parliament and of the Council on medical devices (MDR), the Law no. 95/2006 on the healthcare reform (“Healthcare Act”) and the Government Decision no. 798/2003 on the conditions for placing on the market and using in vitro diagnostic medical devices.

Under the MDR, a “medical device” is defined as any instrument, apparatus, appliance, software, implant, reagent, material or other article intended by the manufacturer to be used, alone or in combination, for human beings for one or more of the following specific medical purposes:

• diagnosis, prevention, monitoring, prediction, prognosis, treatment or alleviation of disease;
• diagnosis, monitoring, treatment, alleviation of, or compensation for, an injury or disability;
• investigation, replacement or modification of the anatomy or of a physiological or pathological process or state; or
• providing information by means of in vitro examination of specimens derived from the human body, including organ, blood and tissue donations;

and which does not achieve its principal intended action by pharmacological, immunological, or metabolic means, in or on the human body, but which may be assisted in its function by such means.

1.2 If your response to Q1.1 is yes, please state whether there are any exclusions/exemptions applicable with regard to liability, and/or whether those are applicable only under certain circumstances (e.g., for in-hospital use)?

Under the MDR, software designed to provide data used to make decisions for diagnostic or therapeutic purposes is now classified as a medical device; devices for the control or support of conception and products specifically intended for the cleaning, disinfection or sterilisation of devices shall also be deemed to be medical devices.

On the other hand, as a general rule, software designed for general use, even used in a medical institution, as well as software intended to monitor indicators related to lifestyle and wellbeing, should not be classified as medical devices.

Of particular interest for classifying digital health apps/software as “medical devices” is the MDCG 2019-11 Guidance on Qualification and Classification of Software in Regulation (EU) 2017/745 – MDR and Regulation (EU) 2017/746 – IVDR, released by the Medical Device Coordination Group. This guidance defines the criteria for the qualification of software falling within the scope of the MDR and provides guidance on the application of classification criteria for software thereunder.

Considering the above, it is advisable to individually assess the regulatory classification of each digital health apps/software, on a case-by-case basis.

1.3 If your response to Q1.1 is yes, please state whether there are any exclusions/exemptions applicable with regard to liability, and/or whether those are applicable only under certain circumstances (e.g., for in-hospital use)?

In terms of exclusions/exemptions applicable with regard to liability, it should be noted that Romanian law does not set out any specific legal regime regarding the liability relating either to the software in digital health apps or to medical devices in general.

In case of claims for compensation for damages, liability generally applies under Law no. 240/2004 regarding the manufacturers’ liability for damages caused by a defective product (the “Product Liability Law”).

The application of the provisions of the Product Liability Law does not exclude, however, the injured person’s right to claim damages pursuant to the common rules of the Romanian Civil Law.

Other regulations may also be applicable to digital health software, such as:

• Regulation (EU) 2017/745 of the European Parliament and of the Council on medical devices;
• The General Data Protection Regulation (GDPR);
• Law no. 190/2018 on measures of implementing the GDPR;
• Law no. 8/1996 on Copyright;
• Law no. 84/1998 on Trademarks and geographical indications;
• Ministry of Health Order no. 792/2006 on the procedure of clinical investigation and the procedure of assessing the medical devices’ performance;
• Ministry of Health Order no. 1009/2016 on the registration of medical devices in the national database;
• Ministry of Health Order no. 566/2020 on the approval of the Methodological Norms for the application of Title XX from the Healthcare Act regarding the approval of activities in the field of medical devices;
• Government Emergency Ordinance no. 46/2021 on the establishment of the institutional framework and measures for the implementation of Regulation (EU) no. 2017/745 on medical devices;
• Ministry of Health Order no. 2882/2021 on the method of reporting suspected serious incidents related to medical devices;
• Order no. 1171/2022 on the approval of the procedure for issuing the certificate for the sale of medical devices; and
• Ministry of Health Order no. 2219/2022 on the control by periodic verification of the medical devices in use, the evaluation of the performance of the second-hand medical devices put into operation and the issuing of the approval for the usage of medical devices for pre-hospital emergency medical assistance.

3.1 The users are residents using it within their jurisdiction and/or using it outside their jurisdiction.

Residents using software within digital health apps outside their jurisdiction may face issues of conflict of law rules, depending on the relevant EU member states/third countries involved.

3.2 It is a “B2B” (business to business) rather than “B2C” (business to end consumer) service.

Data protection/privacy laws apply to both “B2B” and “B2C” relations if the data processing is related to the personal data of individuals. Therefore, both scenarios may occur in case of digital health software, in which case the material scope and the territorial scope of the GDPR shall apply.

No. The Romanian laws do not currently provide any further specific restrictions, so the general data protection rules are fully applicable.

According to the Healthcare Act, medical personnel (including physicians) will be held civilly liable for the damages caused by error, including also the medical personnel’s negligence, recklessness or insufficient medical knowledge, through individual actions in the procedure of prevention, diagnosis and treatment.

At the same time, producers of medical equipment and medical devices may also be held liable according to the civil law rules for damages caused directly or indirectly by the hidden defects (in Romanian “vicii ascunse”) of their medical equipment or medical devices to the patients in the activity of prevention, diagnosis and treatment, during the warranty/validity period.

In addition, it should be noted that under the MDR, producers are required to set out measures to provide sufficient financial coverage in respect of their potential liability, proportionately to the risk class and type of device and the size of the enterprise.

The liability of the developer/producer of the software may also be triggered under the Romanian Product Liability Law in case of claims for compensation for damages caused by a defective medical device; notably, the application of the provisions of the Product Liability Law does not exclude the injured person’s right to claim damages pursuant to the common rules of the Romanian Civil Law or even the Criminal Code, as the case may be.

In view of the above, the applicable liability regime(s) shall be assessed on a case-by-case basis.

According to the Healthcare Act, the National Agency for Medicines and Medical Devices of Romania (“ANMDMR”) is the competent and decision-making authority in the field of medical devices.

The medical devices put into operation and in use are subject to the following means of control by the ANMDMR: (i) periodical verification; (ii) unannounced inspection and testing; or (iii) supervision in use.

According to Law no. 134/2019 on the reorganisation of the ANMDMR, in the field of medical devices, the ANMDMR has, inter alia, the following attributions:

• it regulates and supervises the market of medical devices;
• it approves the entities involved in the commercialization of (or provision of services in the field of) medical devices;
• it registers the medical devices introduced on the market or put into operation in Romania, the domestic manufacturers, the authorised representatives, the importers and the distributors of medical devices;
• it performs the control through periodic verification of the medical devices that are in use;
• it issues certificates for the sale of medical devices, as well as the relevant customs visas;
• it evaluates, appoints and monitors the relevant conformity assessment bodies;
• it evaluates the medical technologies of high-performance medical devices and authorizes clinical investigations for medical devices;
• it takes appropriate measures to withdraw from the market or to prohibit or restrict the placing on the market or putting into service of medical devices which may compromise the health and/or safety of patients and users; and
• it records and evaluates information on reported incidents and proposed corrective actions in relation to medical devices and implements the vigilance procedure according to the harmonised legislation in force.

Following the entry into force of the MDR, the unique device identification system (UDI) was regulated, and ANMDMR has been appointed as the regulatory authority that verifies the data inputted in the UDI by the producers, authorized representatives, and importers.

In addition, ANMDMR is the competent authority for the evaluation, notification and approval of advertising materials, as well as for any other form of advertising regarding medical devices, except for those intended for healthcare professionals, granting advertising visas to the applicants.

As the competent authority, ANMDMR can impose regulatory fines for non-compliance with the obligations borne in the field of medical devices. Under the Healthcare Act, these fines range between RON 5,000 (approx. EUR 1,000) and RON 20,000 (approx. EUR 4,000).

While on the topic of sanctions, it should be noted that, according to the GDPR, failure to comply with the data protection rules may result in an administrative fine up to EUR 10 or 20 million or in the case of an undertaking up to 2% or 4% of the annual worldwide turnover of the preceding financial year, whichever is higher.

There are ongoing discussions at the level of the Romanian government supporting telemedicine/ digital health apps/ software, especially in the context of a recent concern stated by the Romanian Ministry of Health regarding the high number of localities in Romania that do not have primary medical care.¹

That said, at the time of writing, we could not identify an immediate governmental action plan or draft legislation to tackle this topic. 

Healthcare activities may be performed in Romania by physicians that are members of the Romanian College of Physicians (“CMR”). CMR is an apolitical professional body that represents the self-regulatory body of physicians and adopts the Statute and the Code of Medical Ethics.

Physicians who are members of CMR may carry out healthcare activities in the public and/or private healthcare system either as employees or as independent natural persons on a contractual basis. Physicians also have the option to set up a medical practice office.

Practising healthcare activities by a person who does not hold the qualification of a physician constitutes an offence and is punished according to the Criminal Code.

The activities carried out by physicians are monitored and controlled by CMR and the Ministry of Health.

Telemedicine in Romania was originally regulated as a way to consult, diagnose, treat and monitor patients in isolated places, away from local medical units, or in areas where there is a shortage of available medical staff (i.e., Government Emergency Ordinance no. 8/2018 on the regulation of certain measures in healthcare).

In the context of the COVID-19 pandemic, the Romanian Government issued a legal framework regulating telemedicine during the state of emergency and then during the state of alert (i.e., Government Decision no. 252/2020 and Government Emergency Ordinance no. 70/2020 on the regulation of certain measures, starting 15 May 2020, in the context of the epidemiological situation caused by the spread of the SARS-CoV-2 coronavirus).

Later in 2020, the Romanian Government issued a general legal framework for the practice of telemedicine (i.e., Government Emergency Ordinance no. 196/2020 amending the Healthcare Act), by which healthcare professionals have been allowed to provide medical services through telemedicine (teleconsultation, tele-expertise, telecare teleradiology, telepathology and telemonitoring) to exchange valid information for the diagnosis, treatment and prevention of diseases and injuries, research and evaluation, and providing ongoing assistance.

10.1 What are the requirements?

According to Romanian law, telemedicine may be provided in a non-discriminatory manner to any person by all healthcare professionals using information and communication technologies as means of distance communication, with the purpose of exchanging valid information for the diagnosis, treatment and prevention of diseases and injuries, research and evaluation, as well as for the ongoing assistance.

Government Emergency Ordinance no. 196/2020 provides a list of the medical services that can be provided through telemedicine, which includes:

• Teleconsultation: the medical service performed in relation to the patient, who discusses remotely to the doctor (through any means of communication) in order to establish the diagnosis, treatment and / or measures necessary to prevent diseases and their complications;
• Tele-expertise: the telemedicine service whereby an exchange of medical opinions takes place between several doctors by any means of distance communication, in order to confirm a diagnosis and / or therapeutic conduct, based on data from the patient's medical documents, and which does not imply the latter’s physical presence;
• Telecare: the medical service consisting of the help provided remotely by a doctor to another practitioner, who performs a medical or surgical act, as well as the medical service performed when the medical staff providing emergency medical help needs assistance;
• Teleradiology (respectively radiology and remote medical imaging): telemedicine service that involves the electronic transmission of radiological images using digital image capture technologies, with the purpose of their interpretation by specialists in medical radiology-imaging and establishing a diagnosis;
• Telepathology: telemedicine service that involves the remote transmission of microscopic data and images, with the purpose of their interpretation by pathologists and establishing a diagnosis; and
• Telemonitoring: medical service that allows a specialist doctor to remotely monitor and interpret medical data about the patient transmitted by the latter through electronic means of distance communication, necessary for medical follow-up, adjustment of the patient’s therapeutic behaviour, lifestyle and hygiene-dietary regime.

10.2 Were there any new (time-limited) regulation regarding the Sars-CoV-2 pandemic?

During the state of alert caused by the COVID-19 pandemic, remote medical services were applicable as follows:

• Distance consultations - granted and settled according to the legal regulations in force applicable to medical-office consultations as provided in the service packages of primary care, and from specialised outpatient care for clinical specialties.
• The distance consultations provided to patients with coronavirus symptoms - included with consultations from the package of medical-office basic services for acute and subacute diseases and chronic diseases.
• Remote consultations – possibility to be granted in the outpatient areas of public and private hospitals for the issuance of a medical prescription. A medical prescription is not always be required (such is the case for patients with chronic diseases who are on a stable therapeutic regimen, where family doctors could issue prescriptions based on the medical documents already issued to them).
• A family doctor or specialist from an outpatient unit - records the remote medical consultations in the patient’s file and in the consultation register. The record must indicate the means of communication used and the length of time of the consultation. The physician then issues any necessary documents to the patient by electronic means.
• The obligation to use the national health card and its replacement documents has been suspended during the state of emergency.

No. At the same time all physicians, irrespective of the form of the healthcare activity (either remote or in clinic), must comply with the laws and regulations of the medical profession, the Code of Medical Ethics and the rules of good professional practice, the CMR Statute and the binding decisions adopted by the governing bodies of the CMR.

There are no express provisions regulating what types of medicine can be prescribed.

State of alert

Yes, during the state of alert caused by the COVID-19 pandemic, family doctors and specialist doctors at outpatient clinics could grant medical consultations remotely for basic services and in the minimum package of medical services, up to a maximum of eight consultations per hour.

An insured person could send documents by electronic means to the health insurance house, which could in turn use electronic means to transmit the issued documents necessary to the insured person.

There are no special provisions about the reimbursement/ coverage of costs regarding the use of mobile apps that can combine digital health and telemedicine.

General legal framework

The reimbursement of telemedicine services will be provided in the framework agreement regulating the conditions for granting medical assistance, medicines, and medical devices in the social health insurance system.

No. The general rules, amongst others, the GDPR and Law no. 190/2018 on measures of implementing the GDPR would apply.

In 2020, a draft law on remote medical services through means of electronic communication was submitted for debate in the Romanian Parliament. The draft law was supposed to serve as a general legal framework for the practice of telemedicine, applicable beyond any state of emergency or state of alert and to anyone in Romania who seeks remote medical services. However, part of the provisions comprised in this draft law have already been included in the latest amendment to the Healthcare Act and it does no longer seem to exist a strong political intention to pass this piece of legislation.

Please also see our answer to Q7 above.

¹https://www.forbes.ro/alexandru-rafila-sunt-sute-de-localitati-din-romania-care-nu-au-asistenta-medicala-primara-iar-corpul-medical-este-imbatranit-279205